Since 2006, people have been quoting British mathematician Clive Humby’s famous phrase, “Data is the new oil.” However, a strong case can be made that data may actually be more valuable than oil—some of the world’s most highly valued companies are data companies deriving much of their value from virtual assets.
As Forbes pointed out, nowadays, every company is a data company, and the value of data is growing. Data can improve the overall performance of a company and help them make better decisions. It can also be used to create new products, new features—even disruptive new companies and markets.
Unfortunately, your company’s data is also financially lucrative to the hordes of hackers out there looking to steal it and sell it on the dark web or other questionable online marketplaces. The 2021 Data Breach Investigations report cites 93% of these bad actors were motivated by money. According to the Ponemon Institute, the global average total cost of a data breach in 2021 was $4.24 million.
No industry or business is spared from the threats—not even nonprofits. With every sector exhibiting similar risks, it’s important to consider convenient, primary ways of protecting your company’s data, such as by using password protection and encryption.
There are numerous levels of data protection available to organizations. The first and simplest line of defense is to password protect your sensitive files and folders when:
- Sharing a device with other users.
- Needing to collaborate securely.
- Using a device with a high risk of being stolen, such as a phone, laptop, or tablet.
- Sending or sharing files online.
- Protecting any important data that could be accidentally or intentionally modified or deleted.
In this article, we will identify situations in which you might need to password protect a Zip folder, discuss common issues that can arise when adding password protection while zipping files, and cover how solutions such as WinZip® Enterprise help you protect and encrypt your Zip files.
Why password protection isn’t the same as encryption
Password protection uses private passwords to protect sensitive information. Encryption is a level up from password protection. Encryption is more secure than passwords because it scrambles and unscrambles data using an algorithm and a key.
Password protecting a Zip folder is like putting your valuables in a safe where you choose the combination, and it remains known only to you and the people with whom you choose to share it.
Of course, password protection is only as strong as the password itself. Using weak password protection for information security can leave companies vulnerable to hacks and attacks, including the following:
- Dictionary hack. A dictionary attack relies on a library of words and phrases commonly used as passwords, such as “123456,” “password,” or “iloveyou.”
- Brute-force attack. A hacker can try to gain access to systems through brute force by trying every possible combination of letters, numbers, and special characters. The longer and more varied the password (for example, “cyber1!” vs “cY#v1!B^9%Gw”), the more difficult and time consuming it is to break in a brute-force attack.
- Phishing. In a phishing attack, cybercriminals pose as reputable, recognizable people, organizations, or service providers to steal information. Fake password resets are a common type of phishing attack, which prompt users to provide their password or other credentials to verify their account.
- Rainbow table. When stored in a computer system, passwords are saved as encrypted hash values rather than plain text. When you enter your password, it is “hashed”—converted into a predefined-length, undecipherable string that is authenticated against a matching hash value stored in your password database. In a rainbow table attack, cybercriminals leverage a database that contains plaintext passwords and their associated hash values to try to guess, match, and crack your passwords.
All the more reason to make sure you create strong passwords.
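The following added example (not part of the original article) shows why the precomputed-hash approach described above works against unsalted password hashes and fails against salted, iterated ones. It assumes SHA-256 as the unsalted hash and PBKDF2 as the hardened one, and uses a plain lookup dictionary where a real rainbow table would compress the same mapping into hash chains; all names and sample accounts are constructed.

```python
import hashlib
import hmac
import os

# Constructed word list; the first three are the article's dictionary examples.
COMMON = ["123456", "password", "iloveyou", "qwerty", "letmein"]

def unsalted(password: str) -> str:
    """Fast unsalted hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password: str, salt: bytes, rounds: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256 with a per-user random salt and a work factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

def build_table(words):
    """Precomputed digest -> plaintext mapping, built once and reused."""
    return {unsalted(w): w for w in words}

def verify(password: str, salt: bytes, stored: str) -> bool:
    """Legitimate login check against a salted record (constant-time compare)."""
    return hmac.compare_digest(salted(password, salt), stored)

def demo():
    table = build_table(COMMON)
    users = ["alice", "bob"]  # constructed accounts sharing one weak password
    weak_store = {u: unsalted("iloveyou") for u in users}
    salts = {u: os.urandom(16) for u in users}
    strong_store = {u: salted("iloveyou", salts[u]) for u in users}
    return {
        # Unsalted: the stored digest is a key in the precomputed table.
        "unsalted_recovered": table.get(weak_store["alice"]),
        "unsalted_identical": weak_store["alice"] == weak_store["bob"],
        # Salted: the same table no longer matches, and equal passwords differ.
        "salted_recovered": table.get(strong_store["alice"]),
        "salted_identical": strong_store["alice"] == strong_store["bob"],
        "salted_login_ok": verify("iloveyou", salts["alice"], strong_store["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A salt only removes the precomputation shortcut; a weak password can still be guessed directly, which is why the password advice that follows still applies.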
People often create passwords with the goal of making them easy to remember. So, they make the mistake of using family members’ names, nicknames, pet names, hobbies, or birthdays.
Here are some tips for creating strong passwords:
- Don’t use personal information. Information like your name, birthday, username, or email address are often publicly available online.
- The longer, the stronger. Extra characters add extra security. In general, your password should be at least six characters long, though some industry experts say 12.
- Don’t reuse passwords. As a best practice, create a new password for each account. If a hacker gains access to a multiple-use password, they can gain access to each of the associated accounts.
- Pick something obscure or nonsensical. For instance, use or create a word that is not found in the dictionary—instead of “funnybone,” use “phnybon.”
As mentioned earlier, password protecting files and folders is smart, convenient, and a strong first line of defense.
However, there may be times when you want to encrypt a file or folder instead. For example:
- Using your laptop on public or open Wi-Fi. Public Wi-Fi hotspots are convenient when you are on the go, but they are not always secure.
- Your device gets stolen. Your data will still be hard for a hacker to access if your files are encrypted.
- Transferring data. Online storage and sharing services, USB drives, and emails can all be hacked. Encrypting files and folders helps ensure they stay secure even if someone is able to intercept them.
- You want to add an extra layer of protection. Adding encryption can amplify security by making a would-be hacker work through multiple barriers.
- You need to maintain data integrity and follow industry regulations. When you’re dealing with sensitive information that must be compliant with regulations or industry standards, data integrity is paramount. If you can’t be absolutely certain that your data hasn’t been tampered with, then it may be rendered unusable.
There are some types of files everyone should consider encrypting:
- Financial information and records
- Legal documents
- Personally Identifiable Information (PII)
- Confidential project files
- Backups and archives
Encryption is a way of concealing messages by encoding them in such a way that only authorized personnel can access the information. Encryption hides your data by making it unreadable to anyone without the proper encryption algorithm.
So if you’re wondering whether to encrypt a file or folder, a good rule of thumb is “when in doubt, encrypt.”
To summarize the difference between password protecting and encrypting:
- Password protection means securing a file or folder with a password you have created. Unless the receiver of that file or folder has the correct password, they won’t be able to unlock it and access its contents.
- Encryption scrambles all the data in the file or folder using an algorithm and a key. So, it requires that the receiver of the file has access to the key to give that algorithm permission to unscramble it.
Times when you might want to password protect and encrypt files and folders:
It’s a smart idea to use password protection and encryption if you have financial data, sensitive data, PII, or really any data that’s important enough to protect.
Fortunately, WinZip Enterprise makes it easy to password protect and encrypt a file or folder as part of the same process and, in fact, recommends that you do both when possible.
How to password protect a zip file or folder
Once you experience how easy and secure it is to password protect and/or encrypt your files and folders, you’ll want it to be a standard operating procedure for yourself and for your organization. Just follow these simple steps:
- Open your file or folder.
- Click Encrypt in the Actions pane.
- Drag and drop your file(s)/folder(s) to the center NewZip.zip pane.
- Choose a strong password.
- Enter the password (twice) when the dialog box appears.
- Click OK.
- Click the Options tab in the Actions pane.
- Choose Encryption Setting. (Note that 256-bit AES is recommended.)
- Click Save.
- Now you are ready to store, email, or share your files with extra security.
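Before sharing an archive produced by the steps above, you can confirm that every entry really carries the recommended 256-bit AES setting. The following added example (not WinZip's own code) reads the per-entry headers with Python's standard zipfile module, relying on the published Zip format markers: flag bit 0 for encryption, method 99 and extra field 0x9901 for WinZip AES. The function names and the sample entries in sample_entry are constructed for illustration.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901   # extra-field ID used by the WinZip AES (AE-x) format
AES_METHOD = 99         # compression-method value that marks an AES entry
AES_BITS = {1: 128, 2: 192, 3: 256}

def classify(info: zipfile.ZipInfo) -> str:
    """Return the protection of one entry, read from its header fields only."""
    if not info.flag_bits & 0x1:        # bit 0 clear: contents are not encrypted
        return "none"
    if info.flag_bits & 0x40:           # bit 6: PKWARE strong encryption
        return "pkware-strong"
    if info.compress_type != AES_METHOD:
        return "zipcrypto"              # legacy Zip 2.0 password protection
    extra, pos = info.extra, 0
    while pos + 4 <= len(extra):        # walk the (id, size, data) records
        field_id, size = struct.unpack_from("<HH", extra, pos)
        if field_id == AES_EXTRA_ID and size >= 7 and pos + 4 + size <= len(extra):
            strength = extra[pos + 8]   # follows 2-byte version and 2-byte "AE"
            return f"aes-{AES_BITS.get(strength, 'unknown')}"
        pos += 4 + size
    return "aes-unknown"

def audit(archive, required="aes-256"):
    """Map every file entry that misses the required setting to what it uses."""
    with zipfile.ZipFile(archive) as zf:
        return {i.filename: classify(i) for i in zf.infolist()
                if not i.is_dir() and classify(i) != required}

def sample_entry(name, flags, method, extra=b""):
    """Constructed ZipInfo record for demonstration, not read from an archive."""
    info = zipfile.ZipInfo(name)
    info.flag_bits, info.compress_type, info.extra = flags, method, extra
    return info

if __name__ == "__main__":
    aes256 = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    print(classify(sample_entry("report.xlsx", 0x1, AES_METHOD, aes256)))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:   # constructed unprotected archive
        zf.writestr("plain.txt", "not protected")
    buf.seek(0)
    print(audit(buf))
```

The audit needs no password because entry names and header fields are stored unencrypted in a Zip archive; only the file contents are protected.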
Common issues when zipping files and adding password protection
The great benefit of protecting files and folders by zipping them is that you are in control of their security since you create and possess the password. However, if you forget or lose that password, it can be incredibly difficult (if it’s possible at all) to recover it. So be sure to keep your password secure and stored in a safe place.
One of many reasons to password protect documents is so you can share them securely—online or in an email. This requires the person you’re sharing them with to have your password. It’s a good practice to send the file and the password in separate emails and advise the recipient to store the password in a secure place.
There may be times when you have already zipped a file or folder and stored it on your computer, then later decide you want to encrypt the data in that Zip file. If a file or folder in that Zip folder is already encrypted, it will first need to be decrypted and then re-encrypted using the password and encryption method you specified.
For various reasons, a Zip file may fail to open because of:
- File corruption
- An incomplete download
- Interruptions (like power failure) during compression
- Damage due to exposure to magnetic fields, high temperatures, or mechanical shock
Fortunately, WinZip Enterprise can often help you repair Zip files, so you can feel free to Zip and encrypt without worrying about the integrity of your data.
Learn how WinZip Enterprise can help you password protect and encrypt Zip files.